`dissect.target.plugins.filesystem.unix.suid`¶

Module Contents¶

Classes¶

SuidPlugin

Unix SUID binary plugin.

Attributes¶

SuidRecord

dissect.target.plugins.filesystem.unix.suid.SuidRecord¶

class dissect.target.plugins.filesystem.unix.suid.SuidPlugin(target: dissect.target.target.Target)¶

Bases: dissect.target.plugin.Plugin

Unix SUID binary plugin.

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

suid_binaries() → collections.abc.Iterator[SuidRecord]¶

Return all SUID binaries.

A SUID binary allows all users to run it with the permissions of its owner. This means that a SUID binary owned by the root user can be run with root privileges by any user. Such binaries can be leveraged by an adversary to perform privilege escalation.

References

https://steflan-security.com/linux-privilege-escalation-suid-binaries/

dissect.target.plugins.filesystem.unix.suid¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.filesystem.unix.suid`¶